Home / os / winmobile

osCommerce Installer Unauthenticated Code Execution

Posted on 03 May 2018

If the /install/ directory was not removed, it is possible for an unauthenticated attacker to run the "install_4.php" script, which will create the configuration file for the installation. This allows the attacker to inject PHP code into the configuration file and execute it.

 

TOP